[Cryptography] What should I put in notifications to NSA?

Thu Dec 17 13:21:51 EST 2015

When faced with this, Project Byzantium contacted the Electronic Frontier Foundation and worked out what did and did not need to be done with one of their subject matter experts.  We then moved forward from there.

I am not a lawyer.  This is not legal advice.  Get your own lawyer.  This is only what Byzantium did:

Due to the fact that we did not write our own crypto code (we used OpenSSL and applications which relied upon OpenSSL) we did not need to do this.  The advice we were given was that, due to the fact that we did not write crypto code of our own, and we were using someone else's that had been packaged by yet someone else (two someone elses, actually - from Slackware to Porteus Linux to us, the code did flow) this set of regulations did not apply to our project.

Your mileage will probably vary.  Get a lawyer.

- -- 
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"That wasn't a metaphor."

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWcv1AAAoJED1np1pUQ8RkS78P+wZIknbWbSy3OdFMkgCg03Rs
VC/wcucdYsbwGIyk6Ubph+N+eBXN6kjwbX7dOKyQVSbTkABGX2VGnx8cUp5K1fah
rRV2yk4K6e2RpNW5Ac/44Kun3dx3txd5pHC6AR/Z/pzX02fh3+o1bfZyb66mh2+3
GSkNMO1r+c4tnMqREHh2T3UG4v80Y6ilXXoaBJ1vsupYozaMYyVM+9ouhzwMkZJJ
YjNvmQh2bgnz+8H2mM4GXW6+Ja869821XM8LwULSw6E2fawt3EmvndRoRcdDZOrf
8iKlOOzZc9+wvVspv68CMUgC6ipVrkhMPUhWH/ZDYDlwTZw0zhnOn+L05lXuR1bi
Ah5QKdQEUNwGhMC7kEedS4jwIVipom6W7w10YF0kCWa0/9T8i47N7zdD0P1rpgZa
Z9mC2t81/ZpICCNuTdV6JkMeF3bnYDQxP7ZMD0XcwvDJIF9QmTvlWv7jN6gg95Hi
jAqXGzFI72RYhVl9jOfZdA8jJUSPGVcQ4dyzI5Tx4kQGgFeNqzM+ye6JsuYOy6LE
+ooRRkHJfkHOhqtxULmj7EtDMg2omenN5vemNuFPbpRHbgQmyul1drO+hZpTtWEh
Qis9Ick1zFMEw3ABomlhFUdR61vJD9ayHTXrOJVkAxjFIiqD2W9ZikE3hg0i9It1
MV3drWSnUZK4zl3nAwF9
=CvNL
-----END PGP SIGNATURE-----